I was trying to understand one way signature chaining on message by Saxena and Soh. As the message is passed from one user to other, every user can combine their signature to create one single signature for a message m. This aggregated signature when passed along with public key of all users who have signed the message can be used to prove that message has been seen by every user.

The chain signature protocol defined under it has 3 steps:

What i do not understand is that in "Chainsign" step, how for a message m, we get different hash values H(i) for different values of L(i). I know that Hash function only takes message as input to yield hash value. How is sequence of public keys Y1,Y2,Y3....Yi is fed along with 'm' to get different hash values? can we practically add key along with message to hash function to get new digest, if so how this mapping is happening?

1 Answer
1

Actually, the notation of the authors is not complete. They simply do not define what it means to hash several values at once. However, what one would do in practice is appending everything. So $H_i$ would be
$$H_i = \mathcal{H}(m\|Y_1\|Y_2\|\ldots\|Y_i)$$